diff --git a/_vale/Docker/Acronyms.yml b/_vale/Docker/Acronyms.yml index b71ca8873d70..43eef2d916bd 100644 --- a/_vale/Docker/Acronyms.yml +++ b/_vale/Docker/Acronyms.yml @@ -60,6 +60,7 @@ exceptions: - LTS - MAC - MDM + - MDN - NAT - NET - NFS @@ -90,6 +91,7 @@ exceptions: - SDK - SLES - SLSA + - SOCKS - SPDX - SQL - SSD diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt index b7d98e3d3d95..38bcf29df25f 100644 --- a/_vale/config/vocabularies/Docker/accept.txt +++ b/_vale/config/vocabularies/Docker/accept.txt @@ -108,6 +108,7 @@ Zsh [Mm]oby [Oo]nboarding [Pp]aravirtualization +[Pp]roxied [Pp]roxying [Rr]eal-time [Rr]untimes? @@ -156,5 +157,6 @@ tmpfs ufw umask ungated +untrusted vSphere vpnkit diff --git a/content/manuals/build/building/best-practices.md b/content/manuals/build/building/best-practices.md index c3d7e783a50e..c3d42b9a9659 100644 --- a/content/manuals/build/building/best-practices.md +++ b/content/manuals/build/building/best-practices.md @@ -319,7 +319,7 @@ backslashes to make your Dockerfile more readable, understandable, and maintainable. For example, you can chain commands with the `&&` operator, and use -use escape characters to break long commands into multiple lines. +escape characters to break long commands into multiple lines. ```dockerfile RUN apt-get update && apt-get install -y \ diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/known-issues.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/known-issues.md index 72e91f77b0fd..6cef69292412 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/known-issues.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/known-issues.md @@ -4,6 +4,8 @@ keywords: mac, troubleshooting, known issues, Docker Desktop title: Known issues tags: [ Troubleshooting ] weight: 30 +aliases: + - /desktop/troubleshoot/known-issues/ --- {{< tabs >}} 
diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md index 6dd0e0e8e084..532a60e4fc92 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md @@ -6,6 +6,8 @@ linkTitle: Common topics toc_max: 4 tags: [ Troubleshooting ] weight: 10 +aliases: + - /desktop/troubleshoot/topics/ --- > [!TIP] diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/workarounds.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/workarounds.md index ac4f55f0131e..8720454e17e5 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/workarounds.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/workarounds.md @@ -4,6 +4,8 @@ keywords: linux, mac, windows, troubleshooting, workarounds, Docker Desktop title: Workarounds for common problems tags: [ Troubleshooting ] weight: 20 +aliases: + - /desktop/troubleshoot/workarounds/ --- ### Reboot diff --git a/content/manuals/docker-hub/_index.md b/content/manuals/docker-hub/_index.md index 43e867a23b0c..c5f7ecf4da04 100644 --- a/content/manuals/docker-hub/_index.md +++ b/content/manuals/docker-hub/_index.md @@ -1,7 +1,7 @@ --- -description: Find a comprehensive overview of Docker Hub, including its features, administrative settings, how to get started quickly, and more -keywords: Docker, docker, docker hub, hub, repositories, docker account -title: Overview of Docker Hub +description: Get an overview on Docker Hub to find and share container images +keywords: docker hub, hub, repositories +title: Docker Hub linkTitle: Docker Hub weight: 100 grid: 
@@ -9,51 +9,42 @@ grid: description: Step-by-step instructions on getting started on Docker Hub. icon: explore link: /docker-hub/quickstart -- title: Create a repository +- title: Repositories description: Create a repository to share your images with your team, customers, or the Docker community. icon: inbox link: /docker-hub/repos -- title: Manage repository access - description: Manage access to push and pull to your repository and assign permissions. - icon: key - link: /docker-hub/repos/access -- title: Automated builds - description: Learn how you can automatically build images from source code to push to your repositories. - icon: build - link: /docker-hub/builds/how-builds-work +- title: Organizations + description: Learn about organization administration. + icon: store + link: /admin/ +- title: Usage + description: Explore usage limits and how to better utilize Docker Hub. + icon: leaderboard + link: /docker-hub/download-rate-limit/ - title: Release notes description: Find out about new features, improvements, and bug fixes. icon: note_add link: /docker-hub/release-notes --- -Docker Hub is a service provided by Docker for finding and sharing container images. +Docker Hub simplifies development with the world's largest container registry +for storing, managing, and sharing Docker images. By integrating seamlessly with +your tools, it enhances productivity and ensures reliable deployment, +distribution, and access to containerized applications. It also provides +developers with pre-built images and assets to speed up development workflows. -It's the world’s largest repository of container images with an array of content sources including container community developers, open source projects, and independent software vendors (ISV) building and distributing their code in containers. +Key features of Docker Hub: -Docker Hub is also where you can go to [carry out administrative tasks for organizations](/admin/). 
If you have a Docker Team or Business subscription, you can also carry out administrative tasks in the [Docker Admin Console](https://admin.docker.com). +* Unlimited public repositories +* Private repositories +* Webhooks to automate workflows +* GitHub and Bitbucket integrations +* Concurrent and automated builds +* Trusted content featuring high-quality, secure images -{{< tabs >}} -{{< tab name="What key features are included in Docker Hub?" >}} -* [Repositories](../docker-hub/repos/_index.md): Push and pull container images. -* [Builds](builds/_index.md): Automatically build container images from -GitHub and Bitbucket and push them to Docker Hub. -* [Webhooks](webhooks.md): Trigger actions after a successful push - to a repository to integrate Docker Hub with other services. -* [Docker Hub CLI](https://github.com/docker/hub-tool#readme) tool (currently experimental) and an API that allows you to interact with Docker Hub. - * Browse through the [Docker Hub API](/reference/api/hub/latest/) documentation to explore the supported endpoints. -{{< /tab >}} -{{< tab name="What administrative tasks can I perform in Docker Hub?" 
>}} -* [Create and manage teams and organizations](orgs.md) -* [Create a company](../admin/company/new-company.md) -* [Enforce sign in](../security/for-admins/enforce-sign-in/_index.md) -* Set up [SSO](../security/for-admins/single-sign-on/_index.md) and [SCIM](../security/for-admins/provisioning/scim.md) -* Use [Group mapping](group-mapping.md) -* [Carry out domain audits](domain-audit.md) -* [Use Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md) to control developers' access to certain types of images -* [Turn on Registry Access Management](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) -{{< /tab >}} -{{< /tabs >}} +In addition to the graphical interface, you can interact with Docker Hub using +the [Docker Hub API](../../reference/api/hub/latest.md) or experimental [Docker +Hub CLI tool](https://github.com/docker/hub-tool#readme). -{{< grid >}} +{{< grid >}} \ No newline at end of file diff --git a/content/manuals/docker-hub/release-notes.md b/content/manuals/docker-hub/release-notes.md index 39d11fef69cf..4b307927e5b7 100644 --- a/content/manuals/docker-hub/release-notes.md +++ b/content/manuals/docker-hub/release-notes.md @@ -15,6 +15,18 @@ known issues for each Docker Hub release. Take a look at the [Docker Public Roadmap](https://github.com/orgs/docker/projects/51/views/1?filterQuery=) to see what's coming next. +## 2024-11-11 + +### New + +- [Personal access tokens](/security/for-developers/access-tokens/) (PATs) now support expiration dates. + +## 2024-10-15 + +### New + +- Beta: You can now create [organization access tokens](/security/for-admins/access-tokens/) (OATs) to enhance security for organizations and streamline access management for organizations. + ## 2024-03-23 ### New diff --git a/content/manuals/scout/how-tos/artifact-types.md b/content/manuals/scout/how-tos/artifact-types.md index 524219fc8c5b..e62a1452dffc 100644 
--- a/content/manuals/scout/how-tos/artifact-types.md +++ b/content/manuals/scout/how-tos/artifact-types.md @@ -56,7 +56,7 @@ You can use prefixes with the following commands: This section contains a few examples showing how you can use prefixes to specify artifacts for `docker scout` commands. -## Analyze a local project +### Analyze a local project The `fs://` prefix lets you analyze local source code directly, without having to build it into a container image. @@ -112,7 +112,7 @@ pkg:npm/fastify@3.29.0 CRITICAL 0 ``` -## Compare a local project to an image +### Compare a local project to an image With `docker scout compare`, you can compare the analysis of source code on your local filesystem with the analysis of a container image. diff --git a/content/manuals/security/for-admins/hardened-desktop/_index.md b/content/manuals/security/for-admins/hardened-desktop/_index.md index 0ef103c2ce57..067476c2d1a3 100644 --- a/content/manuals/security/for-admins/hardened-desktop/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/_index.md 
@@ -37,9 +37,9 @@ weight: 60 Hardened Docker Desktop is a group of security features, designed to improve the security of developer environments with minimal impact on developer experience or productivity. -It lets administrators enforce strict security settings, preventing developers and their containers from bypassing these controls, either intentionally or unintentionally. Additionally, you can enhance container isolation, to mitigate potential security threats such as malicious payloads breaching the Docker Desktop Linux VM and the underlying host. +It lets you enforce strict security settings, preventing developers and their containers from bypassing these controls, either intentionally or unintentionally. Additionally, you can enhance container isolation, to mitigate potential security threats such as malicious payloads breaching the Docker Desktop Linux VM and the underlying host. -Hardened Docker Desktop moves the ownership boundary for Docker Desktop configuration to the organization, meaning that any security controls administrators set cannot be altered by the user of Docker Desktop. +Hardened Docker Desktop moves the ownership boundary for Docker Desktop configuration to the organization, meaning that any security controls you set cannot be altered by the user of Docker Desktop. It is for security conscious organizations who: - Don’t give their users root or administrator access on their machines 
@@ -50,8 +50,8 @@ It is for security conscious organizations who: Hardened Desktop features work independently but collectively to create a defense-in-depth strategy, safeguarding developer workstations against potential attacks across various functional layers, such as configuring Docker Desktop, pulling container images, and running container images. This multi-layered defense approach ensures comprehensive security. It helps mitigate against threats such as: - - Malware and supply chain attacks: Registry Access Management and Image Access Management prevent developers from accessing certain container registries and image types, significantly lowering the risk of malicious payloads. Additionally, ECI restricts the impact of containers with malicious payloads by running them without root privileges inside a Linux user namespace. - - Lateral movement: Air-Gapped Containers lets administrators configure network access restrictions for containers, thereby preventing malicious containers from performing lateral movement within the organization's network. - - Insider threats: Settings Management configures and locks various Docker Desktop settings so administrators can enforce company policies and prevent developers from introducing insecure configurations, intentionally or unintentionally. + - Malware and supply chain attacks: Registry Access Management and Image Access Management prevent developers from accessing certain container registries and image types, significantly lowering the risk of malicious payloads. Additionally, Enhanced Container Isolation (ECI) restricts the impact of containers with malicious payloads by running them without root privileges inside a Linux user namespace. + - Lateral movement: Air-gapped containers lets you configure network access restrictions for containers, thereby preventing malicious containers from performing lateral movement within the organization's network. 
+ - Insider threats: Settings Management configures and locks various Docker Desktop settings so you can enforce company policies and prevent developers from introducing insecure configurations, intentionally or unintentionally. {{< grid >}} diff --git a/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md b/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md index e08b9d22a8cb..107de3643290 100644 --- a/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md +++ b/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md @@ -9,11 +9,11 @@ aliases: {{< introduced desktop 4.29.0 "/manuals/desktop/release-notes.md#4290" >}} -Air-Gapped Containers allows administrators to restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from. +Air-gapped containers let you restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from. Docker Desktop can apply a custom set of proxy rules to network traffic from containers. The proxy can be configured to: -- Allow network connections +- Accept network connections - Reject network connections - Tunnel through an HTTP or SOCKS proxy @@ -79,7 +79,7 @@ The `FindProxyForURL` can return the following values: - `PROXY host_or_ip:port`: Tunnels this request through the HTTP proxy `host_or_ip:port` - `SOCKS5 host_or_ip:port`: Tunnels this request through the SOCKS proxy `host_or_ip:port` -- `DIRECT`: Allows this request to go direct, without a proxy +- `DIRECT`: Lets this request go direct, without a proxy - `PROXY reject.docker.internal:any_port`: Rejects this request In this particular example, HTTP and HTTPS requests for `internal.corp` are sent via the HTTP proxy `10.0.0.1:3128`. Requests to connect to IPs on the subnet `192.168.0.0/24` connect directly. All other requests are blocked. 
diff --git a/content/manuals/security/for-admins/hardened-desktop/image-access-management.md b/content/manuals/security/for-admins/hardened-desktop/image-access-management.md index 2314c8d983fa..4a22ca968017 100644 --- a/content/manuals/security/for-admins/hardened-desktop/image-access-management.md +++ b/content/manuals/security/for-admins/hardened-desktop/image-access-management.md 
@@ -14,20 +14,15 @@ weight: 40 > > Image Access Management is available to [Docker Business](/manuals/subscription/core-subscription/details.md#docker-business) customers only. -Image Access Management gives administrators control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, their developers can pull from Docker Hub. +Image Access Management gives you control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, your developers can pull from Docker Hub. For example, a developer, who is part of an organization, building a new containerized application could accidentally use an untrusted, community image as a component of their application. This image could be malicious and pose a security risk to the company. Using Image Access Management, the organization owner can ensure that the developer can only access trusted content like Docker Official Images, Docker Verified Publisher Images, or the organization’s own images, preventing such a risk. ## Prerequisites -You need to [enforce sign-in](../enforce-sign-in/_index.md). For Image Access -Management to take effect, Docker Desktop users must authenticate to your -organization. Enforcing sign-in ensures that your Docker Desktop developers -always authenticate to your organization, even though they can authenticate -without it and the feature will take effect. Enforcing sign-in guarantees the -feature always takes effect. +You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Image Access Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in. 
-## Configure Image Access Management permissions +## Configure {{< tabs >}} {{< tab name="Docker Hub" >}} diff --git a/data/redirects.yml b/data/redirects.yml index b6da290635ef..59970580d13e 100644 --- a/data/redirects.yml +++ b/data/redirects.yml @@ -98,7 +98,7 @@ - /go/storage-driver/ "/docker-hub/vulnerability-scanning/": - /go/tip-scanning/ -"/desktop/windows/features/wsl/": +"/desktop/features/wsl/": # Link used by Docker Desktop to refer users on how to activate WSL 2 - /go/wsl2/ "/reference/api/hub/latest/": diff --git a/layouts/shortcodes/admin-image-access.html b/layouts/shortcodes/admin-image-access.html index 6cf00c599b1a..0db9b8f4007a 100644 --- a/layouts/shortcodes/admin-image-access.html +++ b/layouts/shortcodes/admin-image-access.html 
@@ -10,12 +10,12 @@ 2. {{ $iam_navigation }} 3. Enable Image Access Management to set the permissions for the following categories of images you can manage: - - **Organization images**: Images from your organization are always allowed by default. These images can be public or private created by members within your organization. + - **Organization Images**: Images from your organization are always allowed by default. These images can be public or private created by members within your organization. - **Docker Official Images**: A curated set of Docker repositories hosted on Hub. They provide OS repositories, best practices for Dockerfiles, drop-in solutions, and applies security updates on time. - **Docker Verified Publisher Images**: Images published by Docker partners that are part of the Verified Publisher program and are qualified to be included in the developer secure supply chain. - - **Community images**: These images are disabled by default when Image Access Management is enabled because various users contribute them and they may pose security risks. This category includes Docker-Sponsored Open Source images. + - **Community Images**: These images are disabled by default when Image Access Management is enabled because various users contribute them and they may pose security risks. This category includes Docker-Sponsored Open Source images. - > **Note** + > [!NOTE] > > Image Access Management is turned off by default. However, owners in your organization have access to all images regardless of the settings.
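Review bot: In the front matter hunk of content/manuals/docker-hub/_index.md, the new `description` reads "Get an overview on Docker Hub"; the idiomatic preposition is "of". Suggest `description: Get an overview of Docker Hub to find and share container images`.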
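Review bot: The body hunk of content/manuals/docker-hub/_index.md deletes the "What administrative tasks can I perform in Docker Hub?" tab, and with it the direct links to enforce sign-in, SSO, SCIM, Image Access Management and Registry Access Management; the replacement "Organizations" card only points at `/admin/`. If those security controls should stay discoverable from the Hub landing page, keep one sentence or grid card linking to them. Two smaller points in the same hunk: the new API link uses a relative path (`../../reference/api/hub/latest.md`) while the image-access-management.md hunk in this patch moves to absolute `/manuals/...` paths, and the file now ends without a trailing newline after `{{< grid >}}`.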
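Review bot: In content/manuals/docker-hub/release-notes.md, the 2024-10-15 entry says "for organizations" twice in one sentence ("to enhance security for organizations and streamline access management for organizations"). Suggest dropping the second occurrence, for example "to enhance security and streamline access management for organizations".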
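Review bot: In the threat list hunk of content/manuals/security/for-admins/hardened-desktop/_index.md, the Lateral movement bullet now reads "Air-gapped containers lets you configure", which breaks subject-verb agreement once the feature name is lowercased. The air-gapped-containers.md hunk in this same patch uses "Air-gapped containers let you", so suggest "let" here as well.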
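Review bot: In the Prerequisites paragraph of content/manuals/security/for-admins/hardened-desktop/image-access-management.md, the rewrite drops the removed statement "For Image Access Management to take effect, Docker Desktop users must authenticate to your organization", and the new causal clause "Since Image Access Management requires a Docker Business subscription" does not explain why sign-in matters. An admin reading "it may still work without enforced sign-in" cannot tell from the new text under what condition the policy applies. Suggest keeping the removed sentence and then stating that enforcing sign-in is what guarantees it. Separately, renaming the heading to `## Configure` changes its anchor, so check for inbound links to the old heading.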
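Review bot: In layouts/shortcodes/admin-image-access.html, the category names are changed to "Organization Images" and "Community Images", but the image-access-management.md hunk in this patch still writes "community images" and "the organization's own images" in lowercase. Pick one casing for the non-branded categories and apply it in both places so the UI labels and the prose match.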